On 26 October 2021, Adobe issued security updates for vulnerabilities affecting multiple products. It is recommended that these updates should be applied during your regular update cycle.
Details
- Adobe assigned a critical severity rating to 61 flaws, noting that they could allow arbitrary code execution. Adobe’s threshold for a Critical rating is a CVSS score of 7.5 (typically considered High by other vendors).
- The flaws require a user to be authenticated for successful exploitation.
- Adobe recommends administrators install the update at their discretion.
- The company has no evidence of any public proof-of-concept (POC) implementations or current campaigns exploiting these vulnerabilities.
- Adobe After Effects 18.4.1 and earlier versions for Windows contained 11 vulnerabilities; nine of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
- Adobe Audition 14.4 and earlier versions for Windows and macOS contained nine vulnerabilities; six of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
- Adobe Bridge 11.1.1 and earlier versions for Windows contained nine vulnerabilities; eight of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is 12.0.
- Character Animator 4.4 and earlier versions for Windows and macOS contained eight vulnerabilities; three of them rated with CVSS v3.1 score of 7.8. The latest release of the product Character Animator 2021 is 4.4.2, and Character Animator 2022 22.0.
- Prelude 10.1 and earlier versions for Windows contained nine vulnerabilities; six of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is 22.0.
- Lightroom Classic 10.3 and earlier versions for Windows contained one vulnerability with CVSS v3.1 score of 7.7. The latest release of the product is 11.0.
- Illustrator 25.4.1 and earlier versions for Windows contained five vulnerabilities; two rated with CVSS v3.1 score of 7.8. The latest release of the product is Illustrator 2022 26.0.
- Media Encoder 15.4.1 and earlier versions for Windows and macOS contained six vulnerabilities; three of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is 22.0.
- Premiere Pro 15.4.1 and earlier versions for Windows and macOS contained six vulnerabilities; three of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
- Animate 21.0.9 and earlier versions for Windows contained 10 vulnerabilities; nine of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
- Premiere Elements 2021 build 19.0 (20210809.daily.2242976) and earlier for Windows and macOS contained seven vulnerabilities; four of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is Premiere Elements 2021 build 19.0 (20211007.daily.2243969).
- InDesign 16.4 and earlier versions for Windows and macOS contained three vulnerabilities; two of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 17.0.
- XMP Toolkit SDK 2021.07 and earlier versions, for all platforms, contained five vulnerabilities; four of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 2021.08.
- Photoshop 2021 22.5.1 and earlier versions for Windows and macOS contained three vulnerabilities; two of them rated with CVSS v3.1 score of 7.8. The latest release of the product is Photoshop 2021 22.5.2 and Photoshop 2022 23.0.
Recommendations
- Follow Adobe’s guidance and update the noted products to the latest release.
- Users can update their product installations manually by choosing Help > Check for Updates.
References